GPON·ÓÉÆ÷ÑϳÁ·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-03-04

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-3917 £¬Î£ÏÕ¼¶±ð£ºÖÐΣ £¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-3918 £¬Î£ÏÕ¼¶±ð£ºÖÐΣ £¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-3919 £¬Î£ÏÕ¼¶±ð£ºÑϳÁ £¬CVSS·ÖÖµ£º×ÔÆÀ10 £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-3920 £¬Î£ÏÕ¼¶±ð£ºÑϳÁ £¬CVSS·ÖÖµ£º×ÔÆÀ10 £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-3921 £¬Î£ÏÕ¼¶±ð£ºÖÐΣ £¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-3922 £¬Î£ÏÕ¼¶±ð£ºÖÐΣ £¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


DASAN Networks GPON Home Gateway


·ì϶¸ÅÊö


Tenable×êÑÐÔ±Artem MetlaÔÚŵ»ùÑÇ£¨°¢¶û¿¨ÌØÀÊѶ£©I-240W-Q GPON·ÓÉÆ÷£¨CVE-2019-3917 £¬CVE-2019-3918 £¬CVE-2019-3919 £¬CVE-2019-3920 £¬CVE-2019-3921 £¬CVE-2019-3922£©Öз¢ÏÖÁËÁù¸ö·ì϶ ¡£ ÕâЩ·ì϶Ô̺¬¿ÉÔ¶³Ì½Ó¼ûµÄºóÃÅ £¬Ó²±àÂëÍ´´¦ £¬ºÅÁî×¢ÈëºÍ²Ö¿â»º³åÇøÒç³ö ¡£


·ì϶ÑéÖ¤


CVE-2019-3917£ºGPON·ÓÉÆ÷´æÔÚÔ¶³ÌδÈÏÖ¤ÆôÓÃ/½ûÓÃTelnet ·þÎñ·ì϶ £¬¹¥»÷Õß¿ÉÀûÓø÷ì϶ÔÚδÈÏÖ¤µÄÇé¿öÏÂÆôÓÃ/½ûÓÃTelnet·þÎñ ¡£


curl http://[router ip]/otd


CVE-2019-3918£ºGPON·ÓÉÆ÷´æÔÚÓ²±àÂëƾ֤·ì϶ £¬¹¥»÷Õß¿ÉÀûÓø÷ì϶»ñÈ¡µÇ¼Õ˺ÅÃÜÂë ¡£ÓйصÄÓ²±àÂëÕʺţº


root/admin (telnet)

root/huigu309 (telnet)

CRAFTSPERSON/ALC#FGU (telnet)

ONTUSER/SUGAR2A041 (ssh)


CVE-2019-3919¡¢CVE-2019-3920£ºGPON·ÓÉÆ÷´æÔÚÔ¶³ÌºÅÁîÖ´Ðзì϶ £¬¹¥»÷Õß¿ÉÀûÓø÷ì϶ִÐÐËÁÒâºÅÁî ¡£´æÔÚºÅÁî×¢ÈëµÄusb_partition²ÎÊý£º


 /GponForm/usb_restore_Form?script/ 

/GponForm/device_Form?script/ 


CVE-2019-3921£ºGPON·ÓÉÆ÷´æÔÚÈÏÖ¤Õ»Òç¶Âí½Å £¬¹¥»÷Õß¿ÉÀûÓø÷ì϶µ¼Ö·þÎñÆ÷±ÀÀ£ ¡£


/GponForm/usb_Form?script/. 


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


CVE-2019-3922£ºGPON·ÓÉÆ÷´æÔÚδÈÏÖ¤Õ»Òç¶Âí½Å £¬¹¥»÷Õß¿ÉÀûÓø÷ì϶µ¼Ö·þÎñÆ÷±ÀÀ£ ¡£


/GponForm/fsetup_Form


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


EXP£ºhttps://github.com/tenable/poc/blob/master/gpon/nokia_a-l_i-240w-q/gpon_poc_cve-2019-3921.py 


½¨¸´½¨Òé


³§ÉÌÉÐδÌṩ·ì϶½¨¸´¹æ»® £¬Çë¹Ø×¢³§ÉÌÖ÷Ò³¸üУº http://www.dasannetworks.com 


²Î¿¼Á´½Ó


https://www.tenable.com/blog/tenable-research-discovers-remote-code-execution-vulnerabilities-in-gpon-routers

https://www.tenable.com/security/research/tra-2019-09